exclude wc_implode_html_attributes, wc_get_notice_data_attr, and other similar funcions from the WordPress.Security.EscapeOutput.OutputNotEscaped

woocommerce / qit-cli

A Testing Platform for WordPress Plugins and Themes

https://qit.woo.com

19 stars 2 forks source link

exclude wc_implode_html_attributes, wc_get_notice_data_attr, and other similar funcions from the WordPress.Security.EscapeOutput.OutputNotEscaped #50

Closed oscargare closed 1 year ago

oscargare commented 1 year ago

Hi, The WooCommerce core functions that already escape the output, like wc_implode_html_attributes, or wc_get_notice_data_attr, should not trigger WordPress.Security.EscapeOutput.OutputNotEscaped error.

Luc45 commented 1 year ago

Thanks for your feedback, @oscargare.

We use the same escaping and sanitizing rules as WooCommerce Core PHPCS file, so we should be mostly covered.

I have checked wc_implode_html_attributes and wc_get_notice_data_attr and I agree they can be added as Escaping Functions, I'll take this on this sprint.

Luc45 commented 1 year ago

Done @oscargare , thanks for the feedback.

oscargare commented 1 year ago

Thank you, When will this change be available in the WooCommerce.com Partner Developer dashboard?